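#!/bin/bash
#
# One-time setup of the signing material kept under /cert:
#   1. converts the existing shim-signed MOK certificate to PEM and bundles it
#      with its private key into /cert/mok/signing_key.pem;
#   2. generates a new self-signed BMOK key pair from BMOK-openssl.cnf;
#   3. queues the BMOK certificate for enrolment with mokutil (the enrolment
#      is confirmed in MOK Manager on the next reboot).
#
# Run it from the directory that contains BMOK-openssl.cnf.
#
# Security notes:
#   - /cert ends up holding UNENCRYPTED private keys (BMOK.priv is generated
#     with -nodes, and signing_key.pem contains a copy of MOK.priv). File
#     permissions on /cert are the only thing protecting them, and whoever can
#     read them can produce signatures that verify against the enrolled
#     certificates. Keep /cert out of backups and images that leave the host.
#   - The BMOK certificate is issued for 36500 days, so it never expires in
#     practice. If the key is ever exposed, the certificate has to be removed
#     from the MOK list explicitly (mokutil --delete).

# Abort on the first failing step instead of enrolling a half-built certificate.
set -euo pipefail

readonly CERT_DIR=/cert
readonly MOK_SRC=/var/lib/shim-signed/mok
readonly BMOK_CONF=BMOK-openssl.cnf

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Re-apply the ownership/mode policy to everything below /cert.
# The mode has no search (x) bit, so it also lands on the directories: only
# root, which is not subject to directory permission checks, can reach the keys.
lock_down() {
  sudo chown -R root:root "$CERT_DIR"
  sudo chmod -R u=rw,g=r,o= "$CERT_DIR"
}

# Set once this run has created /cert, so a failure can be reported properly.
created=0

# On failure after /cert was created, tell the operator why a re-run will
# report "Already installed!" even though the setup is incomplete.
on_exit() {
  local status=$?
  if ((status != 0 && created)); then
    printf '%s\n' "[-] Setup failed; $CERT_DIR is incomplete. Inspect and remove it before re-running." >&2
  fi
}
trap on_exit EXIT

if [ -d "$CERT_DIR" ]; then
  echo "[-] Already installed!"
  exit
fi

# Check every input before touching the filesystem, so a missing file cannot
# leave a partially populated /cert behind.
[ -f "$BMOK_CONF" ] || die "[-] $BMOK_CONF not found in $PWD"
sudo test -f "$MOK_SRC/MOK.der" || die "[-] $MOK_SRC/MOK.der not found"
sudo test -f "$MOK_SRC/MOK.priv" || die "[-] $MOK_SRC/MOK.priv not found"
command -v openssl >/dev/null || die "[-] openssl not found"
command -v mokutil >/dev/null || die "[-] mokutil not found"

echo "[+] Creating cert folder root..."
sudo mkdir -p "$CERT_DIR/mok"
created=1
# Lock the tree down BEFORE any key material is written into it.
lock_down

echo "[+] Obtaining and processing MOK key from /var/lib/shim-signed/mok..."
sudo openssl x509 -inform der -in "$MOK_SRC/MOK.der" -out "$CERT_DIR/mok/MOK.pem"
# signing_key.pem = private key followed by the PEM certificate.
sudo cat -- "$MOK_SRC/MOK.priv" "$CERT_DIR/mok/MOK.pem" \
  | sudo tee "$CERT_DIR/mok/signing_key.pem" >/dev/null

echo "[+] Creating BMOK cert..."
# -nodes: the private key is written without a passphrase (see header notes).
sudo openssl req -config "$BMOK_CONF" -new -x509 -newkey rsa:2048 -nodes \
  -days 36500 -outform der \
  -keyout "$CERT_DIR/BMOK.priv" -out "$CERT_DIR/BMOK.der"
sudo openssl x509 -inform der -in "$CERT_DIR/BMOK.der" -out "$CERT_DIR/BMOK.pem"

echo "[*] Ensuring permissions..."
# Files created above got root's default umask; normalise them now.
lock_down

echo "[?] Enroling cert (MOK Manager on next reboot):"
sudo mokutil --import "$CERT_DIR/BMOK.der"

echo "[+] Done, now use the kernel-build command from bash_aliases after a reboot and the enrole ..."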